Digital Self Defense
1. Rochester IIA & ISACA IT Audit Seminar
December 10, 2015
Ben Woelk, CISSP
ISO Program Manager
Rochester Institute of Technology
2. Copyright © 2015 Rochester Institute of Technology
Presentation Overview
• Background
• Communications Plan Basics
• RIT Implementation
• Success?
• Discussion
4. My Background
• Corporate
• Higher Education
– ISO Office
– Adjunct
• Techcomm
• Computing Security
5. Rochester Institute of Technology
• RIT Environment
– 18,500 students
– 3,500 faculty and staff
– International locations
– ~40,000+ systems on the network at any given time
– Very skilled IT security students
6. RIT Information Security
• RIT ISO
– 3 full time
• Information Security Officer
• Program Manager
• Sr. Forensics Investigator
– 1-4 student employees
• Mix of coop and part-time
• Risk Management, not Information Technology
7. COMMUNICATIONS PLAN BASICS
8. Communications Plan
• Benefits
– Systematic approach
– Repeatable
– Set and achieve goals
– Be proactive
– Be strategy driven, not event driven
– Strategic plan drives marketing/communications plan
9. TechComm 101
• “We explain things” (R. J. Lippincott, Intercom)
• Characteristics
– Interactive and adaptable
– Reader centered
• Personas
– Contextualized
– Concise
– Visual
– Cross cultural
11. Digital Self Defense Goals
• Inform the entire population about threats.
• Educate new members of the RIT community on Information Security topics.
• Maintain current information outputs and engagement on Information Security topics.
• Create new avenues for communication to expand awareness of the Information Security office.
• Inform the community of new Infosec initiatives.
12. Challenges
• Multiple audiences
• Messaging overload
• 30% annual turnover
• What, me worry?
• Dry/technical subject
13. Security Awareness Plan
• Components
– Audience analysis
– Key messages
– Communications channels
– Calendar of promotions
– Develop relationships
15. Strategies
• Consistent outreach
• Creative/fun deliverables
• New communication channels
• “What’s in it for me?” fulfillment
– Emphasizing home use
– Easy-to-implement best practices
– Consequences of non-compliance
– Interactive elements
16. Key Message
• Short and Simple
18. Monthly Topics
Month               Topic
June, July, August  Pre-Semester, Start of Semester
September           New Students, New Semester, New Threats
October             Cyber Security Awareness Month
November            No Click November
December            Scams and Hoaxes
January             Data Privacy Month
February            Ph(F)ebruary Phish
March               Mobile Device Madness
April               Spring Cleaning
May                 Graduating to Good Passwords
19. Pre-Semester/Start of Semester
20. Communications Channels
• What’s the best vehicle?
25. Go Phish
https://www.pinterest.com/ritinfosec/playing-cards-by-rit-information-security/
26. Alerts and Advisories
• Message Center Portal/email
• Ad hoc
• ~20 per academic year
29. Lightning Talks
• Six minute presentations
• Slides move every 18 seconds
• Topics
– Online reputation management
– Illegal file sharing
– Safe use of social media
– Securing mobile devices
30. DSD Lightning Talk
• https://www.youtube.com/watch?v=-Yo8TV-ZLbE
31. New vehicles this fall
• Bus posters
• Employee Benefits Fair
• RIT Information Security Field Guide to Identifying Phishing and Scams
32. DSD 101 classes
• Tips, Tricks, and Best Practices for staying safe online
– Monthly
– Departmental presentations
33. RIT Digital Self Defense Team
• Launched 11/11/15
– Using internal survey tool to collect metrics and recruit team members
– 535 survey participants; 206 joined DSD Team
34. In Development
• Phishing exercises
36. Evaluation Tools
• Internal survey tool
– Fall baseline (open now)
– Spring progress
38. External Evaluations
• Use with care
• Kred (2013)
– Influence (trust)
– Outreach (propensity to share)
• Klout (2009)
– Perceived social influence
39. Evaluate and Make Mid-Course Corrections
• You will make mistakes
• Don’t be afraid to make a change
• Did it make a difference?
• Ways to evaluate
– Surveys
– Analytics
40. Key Success Factors
• What’s in it for them?
• Relevant at home as well as at work
• Reach them where they are
41. Resources
• EDUCAUSE
– Cybersecurity Awareness Resource Library
– Security Awareness Quick Start and Advanced Guides
• W. K. Kellogg Foundation Template for Strategic Communications Plan
• Richard Johnson-Sheehan, Technical Communication Today
• Society for Technical Communication
42. Contact Me
Ben Woelk
Ben.woelk@gmail.com; ben.woelk@rit.edu
Benwoelk.com
@benwoelk
www.linkedin.com/in/benwoelk/
Editor's Notes
What’s the best vehicle?
Paper: Brochures, advertisements
Digital: online sites, RSS links to website
Social media: Facebook, Twitter, LinkedIn
Video: YouTube
In person: presentations, information fairs
All of the above!